Dumping a domain worth of passwords with mimikatz :: malicious.link — welcome
Tags
attack-pattern: Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID ea7f6eb5-b8de-4748-8592-2a749235e660
Fingerprint 1e088455e0e404ed
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 5, 2013, 11:53 p.m.
Added to db Jan. 18, 2023, 9:59 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline UNKNOWN
Title Dumping a domain worth of passwords with mimikatz :: malicious.link — welcome
Detected Hints/Tags/Attributes 26/1/16
Source URLs
Redirection Url
Details Source https://malicious.link/post/2013/2013-10-05-dumping-a-domain-worth-of-passwords-with-mimikatz/
URL Provider
Details Provider Source level domain
Details malicious.link malicious.link
Attributes
Details Type #Events CTI Value
Details Domain 20 
is.gd
Details Domain 4128 
github.com
Details File 27 
invoke-mimikatz.ps1
Details File 1 
massmimi_reg.rb
Details File 13 
%computername%.txt
Details File 2 
serverlist.txt
Details File 3 
mimikatz.ps1
Details File 1208 
powershell.exe
Details Github username 5 
mubix
Details IPv4 6 
192.168.1.127
Details IPv4 1 
192.168.92.127
Details Url 5 
http://is.gd/oeofui
Details Url 1 
http://192.168.1.127:8080/invoke-mimikatz.ps1
Details Url 1 
https://github.com/mubix/post-exploitation/tree/master/scripts/mass_mimikatz
Details Windows Registry Key 2 
HKLM\System\CurrentControlSet\services\LanmanServer\Parameters
Details Windows Registry Key 1 
HKLM\System\CurrentControlSet\Contol\Lsa